Spectre-Meltdown mitigation update

Since we released 4.14.18 yesterday, we are now in pretty good shape with the mitigations, especially on x86_64. We now have bits in place for Spectre v1, v2 and Meltdown.

Of course over the coming weeks/months there will be more follow-up fixes upstream to cover corner cases, missed fixes and improvements for all of this…

We also still need Intel and AMD to release microcode, both to hardware vendors so they can release updated BIOS/EFI firmware, and to the public so we can provide microcode updates where vendors do not provide new BIOS/EFI firmware.

Oh, and for those that like to check 🙂 The official way of checking the kernel status is:

grep . /sys/devices/system/cpu/vulnerabilities/*
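
An added example (not from the original post): a shell function that reads the same sysfs directory and turns it into a pass/fail result usable from scripts or monitoring. The function name `check_cpu_vulns` and its exit codes are assumptions of this example; the status prefixes it matches (`Not affected`, `Vulnerable`, `Mitigation:`) are the ones the kernel documents for this interface.

```shell
#!/bin/sh
# Added example, not part of the original post.
# check_cpu_vulns [DIR]  (name and exit codes are this example's own)
#   prints one line per entry: VERDICT NAME STATUS
#   returns 0 if every entry is "Not affected" or "Mitigation: ..."
#   returns 1 if any entry is "Vulnerable" or has an unrecognised status
#   returns 2 if the directory is missing or empty (kernel too old to report)
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: this kernel does not expose mitigation status" >&2
        return 2
    fi
    rc=0
    seen=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        seen=1
        name=${f##*/}
        status=$(cat "$f" 2>/dev/null) || status="unreadable"
        case "$status" in
            "Not affected"*) verdict=OK ;;
            Mitigation:*)    verdict=OK ;;
            Vulnerable*)     verdict=FAIL;    rc=1 ;;
            *)               verdict=UNKNOWN; rc=1 ;;
        esac
        printf '%-8s %-20s %s\n' "$verdict" "$name" "$status"
    done
    if [ "$seen" -ne 1 ]; then
        echo "no entries in $dir" >&2
        return 2
    fi
    return "$rc"
}
# usage: check_cpu_vulns || echo "kernel reports unmitigated issues (exit $?)"
```

Exit code 2 separates "this kernel cannot tell you" from "this kernel says it is vulnerable", which matters when the check runs across machines on mixed kernel versions.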

We still lack Meltdown support for 32-bit in mga6, but we have now (Feb 9th) merged the upstream suggested patches for it in Cauldron, so a kernel with those patches will land in testing later today along with an update to 4.14.19.

It still lacks some performance related bits, but we are getting there.

13 Responses to Spectre-Meltdown mitigation update

The above command to check the kernel's state does not provide any output, but cat /sys/devices/system/cpu/vulnerabilities/* works well:
Mitigation: PTI
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline

This so-called expert knows nothing on the topic. His conference is bullshit, plain and simple, nothing more. Normal users don’t care about Spectre Meltdown, they are not affected. Only obscure systems are affected. The attack is very complex. Not practical.

From what I’ve read on the matter via Ars Technica & elsewhere the Spectre & Meltdown issues are big ones for those running websites in virtual machines and there are many vulnerable servers across all OS families. I know it’s not a huge issue for desktop users until they go online & log into anything secure, but regardless I’m glad that Mageia is acting responsibly & trying to make all users more secure whether we are using Mageia for a server or a desktop. And of course those of us who only use desktop Linux better hope that whatever servers we connect to securely online are powered by an OS working as hard to be secure as Mageia.

Thanks for all the effort. Given both that & the issues I’ve been having with my Fedora install eating its copy of GRUB I think Mageia will be my go-to distro for doing secure online transactions. I think Mageia would become the perfect distro for all desktop users if you defaulted to a more modern software center as an alternative to rpmdrake & did a few more things to add extra desktop polish.
